Advisories » MGASA-2015-0239

Updated fuse packages fix CVE-2015-3202

Publication date: 27 May 2015
Modification date: 27 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3202

Description

Updated fuse packages fix security vulnerability:

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables.
A local attacker could use this issue to gain administrative privileges
(CVE-2015-3202).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16016
• http://www.ubuntu.com/usn/usn-2617-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202

SRPMS

4/core

• fuse-2.9.3-2.1.mga4